int crypto_auth_hmacsha256_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
{
unsigned char correct[32];
crypto_auth_hmacsha256(correct,in,inlen,k);
return crypto_verify_32(h,correct) | (-(h == correct)) |
sodium_memcmp(correct,h,32);
}
/**
* PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
* Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
* write the output to buf. The value dkLen must be at most 32 * (2^32 - 1).
*/
void
PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
{
uint8_t key[32] = {0};
size_t i;
uint8_t salt_and_ivec[saltlen + 4];
uint8_t U[32];
uint8_t T[32];
uint64_t j;
int k;
size_t clen;
if (passwdlen > 32) {
/* For some reason libsodium allows 64byte keys meaning keys
* between 32byte and 64bytes are not compatible with libsodium.
toxencryptsave should only give 32byte passwds so this isn't an issue here.*/
crypto_hash_sha256(key, passwd, passwdlen);
} else {
memcpy(key, passwd, passwdlen);
}
memcpy(salt_and_ivec, salt, saltlen);
for (i = 0; i * 32 < dkLen; i++) {
be32enc(salt_and_ivec + saltlen, (uint32_t)(i + 1));
crypto_auth_hmacsha256(U, salt_and_ivec, sizeof(salt_and_ivec), key);
memcpy(T, U, 32);
for (j = 2; j <= c; j++) {
crypto_auth_hmacsha256(U, U, 32, key);
for (k = 0; k < 32; k++) {
T[k] ^= U[k];
}
}
clen = dkLen - i * 32;
if (clen > 32) {
clen = 32;
}
memcpy(&buf[i * 32], T, clen);
}
sodium_memzero((void *) key, sizeof(key));
}
int main(void)
{
int i;
crypto_auth_hmacsha256(a,c,sizeof c,key);
for (i = 0;i < 32;++i) {
printf(",0x%02x",(unsigned int) a[i]);
if (i % 8 == 7) printf("\n");
}
return 0;
}
int crypto_auth_sec(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
/* Argument addresses are public for now */
public_in(__SMACK_value(out));
public_in(__SMACK_value(in));
public_in(__SMACK_value(k));
/* Annotations: everything is private (this should fail) */
return crypto_auth_hmacsha256(out,in,inlen,k);
}
int crypto_auth_pub(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
/* Argument addresses are public for now */
public_in(__SMACK_value(out));
public_in(__SMACK_value(in));
public_in(__SMACK_value(k));
/* Annotations */
public_in(__SMACK_value(inlen));
return crypto_auth_hmacsha256(out,in,inlen,k);
}
int
yacl_hmac_sha256(const uint8_t *key, size_t key_len,
const uint8_t *data, size_t data_len,
uint8_t mac[YACL_SHA256_LEN])
{
#ifdef HAVE_LIBSODIUM
if (YACL_SHA256_LEN == key_len)
{
return crypto_auth_hmacsha256(mac, data, data_len, key);
}
#endif
return hmac_sha256(key, key_len, data, data_len, mac);
}
int
macaroon_hmac(const unsigned char* _key, size_t _key_sz,
const unsigned char* text, size_t text_sz,
unsigned char* hash)
{
int rc;
unsigned char key[crypto_auth_hmacsha256_KEYBYTES];
sodium_memzero(key, crypto_auth_hmacsha256_BYTES);
memmove(key, _key, _key_sz < sizeof(key) ? _key_sz : sizeof(key));
rc = crypto_auth_hmacsha256(hash, text, text_sz, key);
assert(rc == 0);
return 0;
}
static void
mm_hmacsha256(void)
{
crypto_auth_hmacsha256_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES);
h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
crypto_auth_hmacsha256_keygen(k);
randombytes_buf(m, mlen);
crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
l1 = randombytes_uniform(mlen);
l2 = randombytes_uniform(mlen - l1);
crypto_auth_hmacsha256_update(&st, m, l1);
crypto_auth_hmacsha256_update(&st, m + l1, l2);
crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_auth_hmacsha256_final(&st, h);
crypto_auth_hmacsha256(h2, m, mlen, k);
assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
int crypto_auth_hmacsha256_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
{
unsigned char correct[32];
crypto_auth_hmacsha256(correct,in,inlen,k);
return crypto_verify_32(h,correct);
}
SODIUM_EXPORT int
crypto_auth_hmacsha256_ref(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
return crypto_auth_hmacsha256(out, in, inlen, k);
}
